Weekly Update Templates (1).png960×540 47.4 KB

Introduction

This week was pretty quiet as most team members were taking some time off or were traveling again to conferences.

We still got to fix quite a few bugs, updated some documentation and implemented some minor features and improvements here and there.

A bunch of work also went into the LXD snap, fixing some issues here and there, backporting a large chunk of bugfixes and preparing for it to switch over to socket activation for everyone.

Upcoming conferences and events

• Linux Security Summit Europe - Edinburgh, UK (October 22-24)
  • Kernel Subsystem Overview and Recent Developments: Namespaces and Capabilities by @brauner
• Open Source Summit Europe - Edinburgh, UK (October 25-26)
  • 10 Years Of Linux Containers by @brauner
  • Using Containers For GPU Workloads by @brauner
• Linux Plumbers Conference - Vancouver, BC (November 13-15)
  • Containers and checkpoint/restart micro-conference

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

• Incremental update of containers
• LXD projects
• Switching distribution building over to distrobuilder
• Various kernel work
• Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

• Added a new “BASE IMAGE” column to lxc list
• Tweaked our CGo flags to pass -std=gnu11 -Wvla
• Reworked exec FD handling
• Fixed bad start/stop of storage in snapshot codepaths
• Added optional ?target= to /containers POST documentation
• Fixed cleanup on container create failure
• Fixed crash on listing tunnel device stats
• Fixed some bad NVIDIA GPU information parsing
• Added a new security.unmapped storage volume option
• Fixed interface stats code to use struct_rtnl_link_stats64
• Added readthedocs configuration
• Fixed some pool deletion problems
• Split util_linux.go cgo specific code to seperate file
• Updated documentation to cover LVM support for storage quotas

LXC

• Fixed apparmor policy to account for specified rootfs path
• Updated OCI template to support user/group strings
• Implemented monitor cgroup deletion
• Fixed compiler __noreturn on bionic
• Added compiler __hot attribute
• Fixed missing includes in netns_ifaddrs
• Updated lxc-attach(1) and lxc-execute(1) Japanese tanslations
• Fixed includes to fix bionic builds
• Tweaked some of the cgroup code
• Fixed btrfs containers
• Added logic to OCI for missing /etc/passwd, group
• Added a new lxc_setup_keyring() function
• Updated autotools flags to support -z relro and -z now
• Fixed netns_ifaddrs to handle IFLA_STATS{64} correctly
• Added wrappers and explicit raw syscalls
• Fixed netns_ifaddrs to only use struct rtnl_link_stats64
• Removed unnecessary line in cgroup code
• Tweaked config file parsing to prefault config
• Fixed cgfsng to avoid reusing another monitor’s cgroup
• Fixed lxc_set_death_signal()

LXCFS

• Nothing to report this week

Distrobuilder

• Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

• LXC 3.0.2 is now in bionic-proposed
• LXCFS 3.0.2 is now in bionic-proposed
• Still waiting for LXD 3.0.2 to hit -proposed for Ubuntu 18.04

Snap

• Cherry-picked all current upstream fixes into stable snap
• Bumped ZFS to 0.7.11
• Bumped nvidia-container to 1.0.0
• Tweaked wrappers to not require HOME and USER be set in environment
• Silenced some debug statements in wrapper scripts
• Replaced shutdown logic with API call to snapd
• Made detection of existing/conflicting LXD more reliable
• Switched stable channel to using socket activation